NHS computer systems hacked!?

Soldato
Joined
9 Dec 2007
Posts
10,492
Location
Hants
4G... Next?
4G backup router? Or individual 4G-enabled devices?

I can think of issues with both options.

In reality I'd be surprised if most trusts don't have fail over lines as well as the N3. But obviously that doesn't help if someone whangs a digger through the fibre.
 
Soldato
Joined
28 Sep 2008
Posts
14,123
Location
Britain
4G backup router? Or individual 4G-enabled devices?

I can think of issues with both options.

In reality I'd be surprised if most trusts don't have fail over lines as well as the N3. But obviously that doesn't help if someone whangs a digger through the fibre.

Either, both, any. They just need a connection, as they would from said device to a local instance of the DBs / servers if a switch went down. I'm not advocating that Cloud is the best solution, solely, but I am certainly a proponent of the fact that SLA of cloud providers trumps on-prem solutions and a system can always nearly be moved to a cloud offering even if it ends up being (S)PaaS.
 
Soldato
Joined
26 Sep 2007
Posts
4,137
Location
Newcastle
I’m no IT expert and my opinion is irrelevant but shoving everything in the cloud is not always the best option.

On-site with cloud replication is the way forward. We're looking into a new system that backs up all of your VMs to a cloud-based datacentre. Should you suffer a failure on-site, you simply power up the VM "in the cloud" and have staff access it that way instead. It's a brilliant system and seemingly used by some extremely big companies if their sales pitch is anything to go off.

Either, both, any. They just need a connection, as they would from said device to a local instance of the DBs / servers if a switch went down. I'm not advocating that Cloud is the best solution, solely, but I am certainly a proponent of the fact that SLA of cloud providers trumps on-prem solutions and a system can always nearly be moved to a cloud offering even if it ends up being (S)PaaS.

I've seen far too many times where, unless the provider is massive like 365, outages have caused chaos for far too long of a period where we would have had our on-site systems restored long before they had. Hell, I've even seen 365 go down for an entire customer for an entire afternoon, they were crippled.
 
Caporegime
Joined
29 Jan 2008
Posts
58,899
On-site with cloud replication is the way forward. We're looking into a new system that backs up all of your VMs to a cloud-based datacentre. Should you suffer a failure on-site, you simply power up the VM "in the cloud" and have staff access it that way instead. It's a brilliant system and seemingly used by some extremely big companies if their sales pitch is anything to go off.

to "a data centre"? that doesn't sound like anything particularly novel, surely backing things up to a remote data centre and being able to make use of the servers or VMs there instead has been pretty standard for years?
 
Soldato
Joined
30 Sep 2005
Posts
16,527
On-site with cloud replication is the way forward. We're looking into a new system that backs up all of your VMs to a cloud-based datacentre. Should you suffer a failure on-site, you simply power up the VM "in the cloud" and have staff access it that way instead. It's a brilliant system and seemingly used by some extremely big companies if their sales pitch is anything to go off.



I've seen far too many times where, unless the provider is massive like 365, outages have caused chaos for far too long of a period where we would have had our on-site systems restored long before they had. Hell, I've even seen 365 go down for an entire customer for an entire afternoon, they were crippled.

Interested to hear some more about this. Would you consider making a thread over in the Enterprise section?

Did you consider creating a second data-centre onsite perhaps in another building close by? SAN replication etc etc
 
Soldato
Joined
28 Sep 2008
Posts
14,123
Location
Britain
I've seen far too many times where, unless the provider is massive like 365, outages have caused chaos for far too long of a period where we would have had our on-site systems restored long before they had. Hell, I've even seen 365 go down for an entire customer for an entire afternoon, they were crippled.

Which is nothing more than poor cloud design. Treat the cloud like you would any normal datacenter and span it out across regions, there is never a need for the above to occur. If MS were to lose two regions, there would be far greater things to worry about than taking patient obs :D
 
Soldato
Joined
26 Sep 2007
Posts
4,137
Location
Newcastle
to "a data centre"? that doesn't sound like anything particularly novel, surely backing things up to a remote data centre and being able to make use of the servers or VMs there instead has been pretty standard for years?

Yes, but the minute you power them on your costs usually jump massively. It seems with this subscription model you get a 30-day window to restore your side before this happens.

Interested to hear some more about this. Would you consider making a thread over in the Enterprise section?

Did you consider creating a second data-centre onsite perhaps in another building close by? SAN replication etc etc

This is more aimed at the SME sector, many of which don't have a data centre to begin with. Just a single or two host configuration. If I find the time I'll do a write-up, in the meantime you can have a look for yourself at DATTO. It's also brilliant for backing up 365 data (Exchange, SharePoint, Azure etc).

If customers were backing up to our data-centre, we already have a secondary one running alongside so we don't necessarily have a need for this. We're obviously more expensive as we don't have quite the infrastructure that Datto do, we have the benefit of being on our customers' doorsteps though which a lot of people prefer.

Which is nothing more than poor cloud design. Treat the cloud like you would any normal datacenter and span it out across regions, there is never a need for the above to occur. If MS were to lose two regions, there would be far greater things to worry about than taking patient obs :D

Microsoft also don't back up your data either, if there was some corruption at their end how do you go about getting your data back? We don't trust it which is why we recommend backing up 365 data to a local source.
 
Soldato
Joined
28 Sep 2008
Posts
14,123
Location
Britain
Microsoft also don't back up your data either, if there was some corruption at their end how do you go about getting your data back? We don't trust it which is why we recommend backing up 365 data to a local source.

Partly true. Azure backups are enabled by default, as are 365 retention policies and archiving. That and the fact data (depending on selection) is held in more than one region, and replicated across others, means backups and restores are not that painful. It feels like either you've misread, misunderstood, or been mis-advised, on how Azure/365/AWS works.
 
Soldato
Joined
8 Apr 2011
Posts
2,932
Location
London
Yeah, this won't be happening as soon as they are making out. I work for a medical IT company where our application sits on NHS trusts' infrastructure. Our application is not supported on Windows 10 using lower versions of our product - which most of the NHS hospitals have. Upgrading comes at a price, this is the same with a lot of medical applications.

I will be shocked if all hospitals are on Win 10 anytime soon, this budget will not include stuff like this.
 
Associate
Joined
7 Nov 2011
Posts
1,410
Yeah, this won't be happening as soon as they are making out. I work for a medical IT company where our application sits on NHS trusts' infrastructure. Our application is not supported on Windows 10 using lower versions of our product - which most of the NHS hospitals have. Upgrading comes at a price, this is the same with a lot of medical applications.

I will be shocked if all hospitals are on Win 10 anytime soon, this budget will not include stuff like this.

There's a lot of systems out there still running XP based OS's.
 
Man of Honour
Joined
13 Oct 2006
Posts
90,818
Lot of EPOS and other systems like that still use embedded XP and/or variants of CE that look like XP.

We just moved a load of systems like that which were on XP over to Linux as trying to use Windows 10 on them was just tragic - wholly unsuitable OS for that kind of usage but we needed something more modern for security reasons.
 
Soldato
Joined
30 Sep 2005
Posts
16,527
Lot of EPOS and other systems like that still use embedded XP and/or variants of CE that look like XP.

We just moved a load of systems like that which were on XP over to Linux as trying to use Windows 10 on them was just tragic - wholly unsuitable OS for that kind of usage but we needed something more modern for security reasons.

Did the same thing last summer. Changed 900 XP terminals to Linux. Went like a bloody dream.
 
Soldato
Joined
1 Mar 2010
Posts
21,778
*REBOOT Russians this time not NK *

Latest cozy/fancybears hack, sleeper malware. What have they stolen, will we know if the new UK cyber crime org retaliates?
SolarWinds company took down their list of clients, so don't know if tech companies apple/intel/amd were impacted, MS was

Research by The Register has shown that SolarWinds' Orion is used widely across the British public sector, ranging from the Home Office and Ministry of Defence through NHS hospitals and trusts, right down to local city councils.

SolarWinds' products are in regular use in the Royal Navy and Royal Air Force, with the agency also counting GCHQ, the Cabinet Office, and the Ministry of Justice among its customers. Most concerningly, a company brochure [PDF] also stated that the MoD's Defence Equipment and Support agency was a SolarWinds customer. DE&S is the agency that maintains Britain's high-tech fighter jets, submarines, and warships.

https://www.theregister.com/2020/12/16/solarwinds_github_password/
SolarWinds, the maker of the Orion network management software that was subverted to distribute backdoored updates that led to the compromise of multiple US government bodies, was apparently told last year that credentials for its software update server had been exposed in a public GitHub repo.

Vinoth Kumar, a security researcher, claimed on Tuesday he had made such a report to SolarWinds last November, warning that it could be used to upload files to the server. The password he said he found, in plaintext for all to see, is a textbook example of a weak password that never should have been allowed.

In a message to The Register, Kumar said that on November 19, 2019, he told SolarWinds "their update server was accessible with the password 'solarwinds123' which is leaking in the public Github repo. They fixed the issue and replied to me on [November 22]."

https://msrc-blog.microsoft.com/2020/12/13/customer-guidance-on-recent-nation-state-cyber-attacks/
The actor periodically connects from a server at a VPS provider to access specific users’ emails using the permissions granted to the impersonated Application or Service Principal. In many cases, the targeted users are key IT and security personnel. By impersonating existing applications that use permissions like Mail.Read to call the same APIs leveraged by the actor, the access is hidden amongst normal traffic. For this reason, if you suspect you are impacted you should assume your communications are accessible to the actor.
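
An added example, not part of the post above or of Microsoft's guidance: one way to hunt for the pattern the quoted guidance describes, an application identity reading mail from a source network it has never used, with IT and security mailboxes ranked highest. The record fields, app name, addresses and mailbox list are constructed for illustration and are not a real Microsoft 365 log schema.

```python
import ipaddress
from collections import defaultdict

# Constructed sample data (documentation IP ranges, hypothetical names).
BASELINE = [
    {"app": "backup-connector", "src": "203.0.113.10", "op": "MailRead", "mailbox": "alice@example.org"},
    {"app": "backup-connector", "src": "203.0.113.11", "op": "MailRead", "mailbox": "bob@example.org"},
]
RECENT = [
    {"app": "backup-connector", "src": "203.0.113.77", "op": "MailRead", "mailbox": "alice@example.org"},
    {"app": "backup-connector", "src": "198.51.100.23", "op": "MailRead", "mailbox": "secops@example.org"},
    {"app": "backup-connector", "src": "198.51.100.23", "op": "MailRead", "mailbox": "bob@example.org"},
    {"app": "backup-connector", "src": "198.51.100.23", "op": "CalendarRead", "mailbox": "bob@example.org"},
]
# Assumption: the defender keeps a list of key IT and security mailboxes.
SENSITIVE = {"secops@example.org", "it-admin@example.org"}


def build_baseline(events, prefix=24):
    """Map each app identity to the networks it normally connects from."""
    nets = defaultdict(set)
    for e in events:
        net = ipaddress.ip_network(f'{e["src"]}/{prefix}', strict=False)
        nets[e["app"]].add(net)
    return nets


def flag_events(events, baseline, sensitive):
    """Return mail reads by an app identity from a network outside its baseline."""
    findings = []
    for e in events:
        if e["op"] != "MailRead":
            continue
        ip = ipaddress.ip_address(e["src"])
        if any(ip in net for net in baseline.get(e["app"], ())):
            continue  # same network the app has always used
        severity = "high" if e["mailbox"] in sensitive else "medium"
        findings.append((e["app"], e["src"], e["mailbox"], severity))
    return findings


def run_example():
    return flag_events(RECENT, build_baseline(BASELINE), SENSITIVE)


if __name__ == "__main__":
    for finding in run_example():
        print(finding)
```

Because the actor uses the same permissions and APIs as the legitimate application, the operation alone does not separate the two; the source network and the choice of mailbox are the signals this sketch relies on.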
 
Soldato
Joined
19 Feb 2010
Posts
13,249
Location
London
You have to wonder if many orgs have gotten away with it simply because the amount of hits for the hackers has been overwhelming. They can't have enough time or resources to investigate that many compromises at once so if it's state-sponsored are likely to have focused on the highest intelligence value targets such as government, defence, high value IP and perhaps medical research IMO.

On a side note I am facepalming at the way some people have built their firewall policies at the moment, Jesus H.Christ. Lazy admins have won the day here - I know a few people who hadn't updated their installations in years.
 